Secunia Security Advisory - Edi Strosar has reported a security issue in X-Spam for SMTP Servers, which can be exploited by malicious, local users to gain escalated privileges.
fc439ca3c2465faeacbeea3245378279774b77c0e2a9e2db1f4f05cc3231b6bb
----------------------------------------------------------------------
We have updated our website, enjoy!
http://secunia.com/
----------------------------------------------------------------------
TITLE:
X-Spam for SMTP Servers Insecure File Permissions
SECUNIA ADVISORY ID:
SA31765
VERIFY ADVISORY:
http://secunia.com/advisories/31765/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
X-Spam for SMTP Servers 5.x
http://secunia.com/product/19764/
DESCRIPTION:
Edi Strosar has reported a security issue in X-Spam for SMTP Servers,
which can be exploited by malicious, local users to gain escalated
privileges.
The problem is caused due to insecure default file permissions being
set on the installation directory. This can be exploited to gain
escalated privileges e.g. by replacing certain EXE files in the
directory.
The vulnerability is reported in 5.6a. Other versions may also be
affected.
SOLUTION:
Grant only trusted users access to the affected system.
PROVIDED AND/OR DISCOVERED BY:
Edi Strosar
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------